Is the Maxthon MX Browser Worth a Gamble?

The Maxthon browser is a product of China. That might be enough for some people to write it off without going any further. After all, there are numerous books and articles by security experts that point out China’s propensity to break into business and government computer systems. Still, we can’t distrust everything unless we want to just disconnect our computers from the Internet, lock our doors, and stay inside.

The new MX5 version of the browser has some appealing features and Maxthon won CNET WebWare 100 Awards in 2008 and 2009, was #97 in PCWorld’s list of the 100 Best Products of 2011, was one of the twelve browsers Microsoft presented in 2010 at BrowserChoice.eu, and was pronounced excellent by PC Magazine in 2014: “Loads of nifty browsing helper features, including video-ad fast-forwarding. Speedy performance. Two page-rendering engines (Webkit and Trident) for compatibility. Good support for new Web standards. Cloud syncing of tabs, passwords, and more. Do Not Track enabled by default.”

I decided to give it a try.

Recently I reported that security researchers from Fidelis Cybersecurity and Exatel discovered the browser sent “sensitive browsing and system data” to remote servers located in Beijing, China. This data included information about ad blocker status, websites visited, searches conducted, and applications installed.

Two features are at play here: The user experience improvement program sends back information about how well the browser works. That is common with many applications today. When users turned off the feature, though, the data continued to flow. Maxthon traced that to a bug in an old bit of software and fixed it. The other feature in play is the browser’s security function that examines websites in the same way that many protective applications do and warns users when the site has a bad reputation.

Still, during the installation, I recommend choosing the Advanced option and then choosing for yourself whether you want a desktop shortcut (I turned that off), whether you want MX5 to be your default browser (I turned that off and even Maxthon recommends not selecting that option while the browser is still in beta), and whether you want to participate in the user experience improvement program (I left the UEIP enabled.)

To use MX5, you must create an account using either a cell phone number or an email address.

This is required because the browser will store some of your configuration information on-line so that you can synchronize the look and feel on different machines.

Even if you don’t want to do this, you’ll need to create an account.

MX5 uses both the Trident and WebKit rendering engines. Trident was developed by Microsoft and is used in Internet Explorer. WebKit is a fork of KHTML by Apple and is used in Apple Safari, Chromium, and Google Chrome. Microsoft Edge uses the EdgeHTML rendering engine, which is a proprietary version of WebKit. MX5 is the only browser that uses both.

As with most browsers, MX5 offers to save credentials. One difference is that it acts a lot like LastPass in that it encrypts credentials on your computer and also stores them in an encrypted file in the cloud. My preference is to continue using LastPass because it works across all browsers.

Maxthon, as I noted earlier, is a Chinese company with headquarters in Beijing and offices in Shanghai, Hong Kong, and San Francisco. As such, much of the development work is done by people who speak English as a second language. Sometimes that shows in the interface.

For example, hovering the mouse cursor over the proxy icon told me that I was actively using a proxy server, yet the Windows internet applet clearly shows that this is not the case.

For most users, the MX5 browser will present several handy features that other browsers don’t have. For developers, some outstanding tools are built in.